CVE-2015-7450

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:2.1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_common_reporting:3.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*

History

21 Nov 2024, 02:36

Type Values Removed Values Added
References () http://www-01.ibm.com/support/docview.wss?uid=swg21970575 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21970575 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg21971342 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21971342 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg21971376 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21971376 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg21971733 - Broken Link () http://www-01.ibm.com/support/docview.wss?uid=swg21971733 - Broken Link
References () http://www-01.ibm.com/support/docview.wss?uid=swg21971758 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21971758 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg21972799 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21972799 - Vendor Advisory
References () http://www.securityfocus.com/bid/77653 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/77653 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1035125 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1035125 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/41613/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/41613/ - Exploit, Third Party Advisory, VDB Entry

24 Jul 2024, 17:02

Type Values Removed Values Added
CWE CWE-94 NVD-CWE-noinfo
First Time Ibm watson Explorer Analytical Components
Ibm sterling Integrator
Ibm watson Content Analytics
Ibm websphere Application Server
Ibm watson Explorer Annotation Administration Console
Ibm sterling B2b Integrator
CPE cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_content_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:liberty:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:hypervisor:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:watson_explorer_annotation_administration_console:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:watson_explorer_analytical_components:*:*:*:*:*:*:*:*
References () http://www-01.ibm.com/support/docview.wss?uid=swg21971733 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21971733 - Broken Link
References () http://www.securityfocus.com/bid/77653 - () http://www.securityfocus.com/bid/77653 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1035125 - () http://www.securitytracker.com/id/1035125 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/41613/ - () https://www.exploit-db.com/exploits/41613/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2016-01-02 21:59

Updated : 2024-11-21 02:36


NVD link : CVE-2015-7450

Mitre link : CVE-2015-7450

CVE.ORG link : CVE-2015-7450


JSON object : View

Products Affected

ibm

  • websphere_application_server
  • sterling_integrator
  • watson_explorer_annotation_administration_console
  • watson_explorer_analytical_components
  • watson_content_analytics
  • sterling_b2b_integrator
  • tivoli_common_reporting